.planning/PROJECT.md

# Pirate Station

## What This Is

A self-hosted file server for Raspberry Pi, exposed to the internet via frpc/rathole. Provides a polished web UI for a small group of trusted users to upload, download, and manage files in a shared space. Account management happens exclusively through a CLI tool on the Pi.

## Core Value

Users can securely access and manage files on the Pi from anywhere via the web, with the server completely isolated to its designated storage directory.

## Requirements

### Validated

(None yet — ship to validate)

### Active

- [ ] CLI tool for account management (create/delete users, change passwords)
- [ ] User authentication with hashed passwords and JWT sessions
- [ ] Web login interface
- [ ] File browser with folder navigation
- [ ] File upload (including drag-and-drop)
- [ ] File download
- [ ] File deletion
- [ ] Folder creation and deletion
- [ ] File and folder renaming
- [ ] Modern, polished responsive web UI
- [ ] Docker container isolated to mounted volume only

### Out of Scope

- Self-registration — admin creates accounts via CLI only
- Web-based admin panel — all user management via CLI
- File preview/streaming — just upload, download, manage
- Per-user private folders — shared space model
- Tailscale integration — using frpc/rathole instead
- Mobile app — web-only

## Context

- **Deployment:** Raspberry Pi at home, exposed via frpc/rathole tunnel
- **Users:** Small trusted group (family/friends), each with individual accounts
- **File access:** Shared space, everyone sees all files
- **Isolation requirement:** Docker container must only affect the mounted directory, never touch anything else on the Pi

## Constraints

- **Platform:** Raspberry Pi — lightweight, low memory footprint required
- **Stack:** Go backend — small binary, efficient for Pi's resources
- **Containerization:** Docker — must run fully isolated with volume mount
- **Network:** Works behind frpc/rathole tunnel (not Tailscale)
- **Security:** Internet-exposed, so authentication must be solid (no plain passwords)

## Key Decisions

| Decision | Rationale | Outcome |
|----------|-----------|---------|
| Go backend | Lightweight for Pi, single binary, good HTTP handling | — Pending |
| CLI-only user management | Simpler, more secure (no web admin surface) | — Pending |
| Shared file space | Simpler than per-user isolation, trusted group | — Pending |
| JWT sessions | Stateless auth, works well with Go | — Pending |

---
*Last updated: 2026-02-03 after initialization*
docs: initialize project Self-hosted file server for Raspberry Pi with web UI and CLI account management. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-02-03 01:04:49 +09:00			`# Pirate Station`

			`## What This Is`

			`A self-hosted file server for Raspberry Pi, exposed to the internet via frpc/rathole. Provides a polished web UI for a small group of trusted users to upload, download, and manage files in a shared space. Account management happens exclusively through a CLI tool on the Pi.`

			`## Core Value`

			`Users can securely access and manage files on the Pi from anywhere via the web, with the server completely isolated to its designated storage directory.`

			`## Requirements`

			`### Validated`

			`(None yet — ship to validate)`

			`### Active`

			`- [ ] CLI tool for account management (create/delete users, change passwords)`
			`- [ ] User authentication with hashed passwords and JWT sessions`
			`- [ ] Web login interface`
			`- [ ] File browser with folder navigation`
			`- [ ] File upload (including drag-and-drop)`
			`- [ ] File download`
			`- [ ] File deletion`
			`- [ ] Folder creation and deletion`
			`- [ ] File and folder renaming`
			`- [ ] Modern, polished responsive web UI`
			`- [ ] Docker container isolated to mounted volume only`

			`### Out of Scope`

			`- Self-registration — admin creates accounts via CLI only`
			`- Web-based admin panel — all user management via CLI`
			`- File preview/streaming — just upload, download, manage`
			`- Per-user private folders — shared space model`
			`- Tailscale integration — using frpc/rathole instead`
			`- Mobile app — web-only`

			`## Context`

			`- Deployment: Raspberry Pi at home, exposed via frpc/rathole tunnel`
			`- Users: Small trusted group (family/friends), each with individual accounts`
			`- File access: Shared space, everyone sees all files`
			`- Isolation requirement: Docker container must only affect the mounted directory, never touch anything else on the Pi`

			`## Constraints`

			`- Platform: Raspberry Pi — lightweight, low memory footprint required`
			`- Stack: Go backend — small binary, efficient for Pi's resources`
			`- Containerization: Docker — must run fully isolated with volume mount`
			`- Network: Works behind frpc/rathole tunnel (not Tailscale)`
			`- Security: Internet-exposed, so authentication must be solid (no plain passwords)`

			`## Key Decisions`

			`\| Decision \| Rationale \| Outcome \|`
			`\|----------\|-----------\|---------\|`
			`\| Go backend \| Lightweight for Pi, single binary, good HTTP handling \| — Pending \|`
			`\| CLI-only user management \| Simpler, more secure (no web admin surface) \| — Pending \|`
			`\| Shared file space \| Simpler than per-user isolation, trusted group \| — Pending \|`
			`\| JWT sessions \| Stateless auth, works well with Go \| — Pending \|`

			`---`
			`Last updated: 2026-02-03 after initialization`